* [Blog](https://www2.paloaltonetworks.com/blog)
* [Network Security](https://www2.paloaltonetworks.com/blog/network-security/)
* [IoT Security](https://www2.paloaltonetworks.com/blog/network-security/category/iot-security/)
* Zero Trust is Incomplete ...

# Zero Trust is Incomplete Without Device Security

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fnetwork-security%2F2023-iot-security-benchmark-report%2F)  
[](https://twitter.com/share?text=Zero+Trust+is+Incomplete+Without+Device+Security&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fnetwork-security%2F2023-iot-security-benchmark-report%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fnetwork-security%2F2023-iot-security-benchmark-report%2F&title=Zero+Trust+is+Incomplete+Without+Device+Security&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/network-security/2023-iot-security-benchmark-report/&ts=markdown)  
\[\](mailto:?subject=Zero Trust is Incomplete Without Device Security)  
Link copied  
By [Shravanthi Reddy](https://www.paloaltonetworks.com/blog/author/shravanthi-reddy/?ts=markdown "Posts by Shravanthi Reddy")  
Jun 21, 2023  
5 minutes  
[IoT Security](https://www.paloaltonetworks.com/blog/network-security/category/iot-security/?ts=markdown)  
[Industrial OT Security](https://www.paloaltonetworks.com/blog/tag/industrial-ot-security/?ts=markdown)

The number of connected IoT devices will continue to rise in the coming years, reaching an average of over 9,000 devices per enterprise by 2025. Unfortunately, most existing IoT security solutions lack any inbuilt prevention or enforcement and employ dated signature-based discovery methods focused on known devices. Poor IoT security was a factor in several infamous breaches in recent years, including those at [SolarWinds](https://www.paloaltonetworks.com/blog/2020/12/next-solarwinds-modernizing-cybersecurity/) and [Colonial Pipeline](https://www.paloaltonetworks.com/blog/2021/09/preventing-an-inevitable-cyberattack/), ultimately costing billions of dollars to remediate. ![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2023/06/word-image-296747-1.png)

The [2023 IoT Security Benchmark Report](https://start.paloaltonetworks.com/2023-benchmark-report-on-iot-security) reveals how top-performing organizations use advanced IoT security to protect connected devices from known and unknown threats. The report was developed by Starfleet Research, a world leader in benchmarking best practices in technology-enabled business initiatives. A team of subject matter experts used primary and secondary research techniques that engaged IT and cybersecurity leaders, IT staff and other industry practitioners with firsthand experience with IoT security in their organizations.

Here are a few highlights from the 2023 IoT Security Benchmark Report.

### **IoT Size and Scope across Industries**

Connected network devices have proliferated on enterprise networks, going from an average of 700 devices in 2020 to more than 3,000 devices in 2022. Experts agree that this number will continue to grow exponentially across all industries. The use of IoT devices across a range of sectors includes some of the following:

* \*\*Healthcare:\*\*wearable devices (e.g., fitness trackers, smartwatches), pacemakers, blood pressure monitors, connected hospital equipment (e.g., MRI machines, X-ray machines).
* **Manufacturing:** RFID tags, sensors, cameras, controllers.
* **Hospitality:** smart locks, thermostats, sensor-based lighting, energy management systems.
* **Retail: b**eacons, interactive displays, connected fitting rooms, connected packaging)
* **Financial Services**: ATM sensors, NFC-powered devices \[e.g., smartphones, smartwatches\], CCTV cameras, authentication tools.
* **Government**: traffic monitoring, air quality monitoring, traffic safety, smart trash cans, intelligent water meters.

### **The Dark Side of the IoT Explosion**

![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2023/06/word-image-296747-2.png)

With the IoT market expected to reach $1.6 trillion by 2023, the risks that connected devices bring threaten to negate the benefits derived from increased productivity, efficiency and revenue. The manufacturers

of IoT devices have not always done everything possible to safeguard them. IoT devices are often designed by manufacturers with convenience in mind, which can sometimes come at the expense of security. In short, IoT devices are often shipped with vulnerabilities, run unsupported operating systems, are difficult to patch and lack encryption in communication. IoT devices are vulnerable to medium or high severity attacks.

### **Challenges Protecting Connected Devices**

Understanding the challenges that organizations face as they try to secure IoT devices helps inform decisions about solutions. Here are several of the most commonly cited challenges:

* Complexity of connected device ecosystems
* Inability to gain complete visibility
* Varied security levels
* Inadequate security features
* Lack of network segmentation
* Unencrypted data
* Limited security standards
* Compliance requirements
* Insufficient time and financial resources

To address these challenges, organizations need to rethink their security strategy. Connected devices must be integrated into security frameworks to close these risky gaps and mitigate vulnerabilities across an expanding attack surface.

### **Zero-Trust Approach and Device Security**

In a Zero Trust system, all devices and users must be verified and authenticated before they are granted access to resources. The Zero Trust approach to IoT security protects an organization by eliminating implicit trust and continuously validating every stage of digital interaction. With Zero Trust, no devices or users are automatically trusted, regardless of whether they are inside or outside a network. All devices and users are verified and authenticated before they are granted access to resources. Zero Trust provides a viable and effective security paradigm that can be used to protect the hundreds of thousands of connected devices deployed across enterprise ecosystems.

### **How Industry Leaders Secure Connected Devices**

Successful IoT security strategies are based on a Zero-Trust approach. They should also incorporate a purpose-built IoT security solution into existing security systems, such as endpoint protection platforms, intrusion detection and response systems.

Industry leaders implement IoT security that utilizes machine learning to identify vulnerabilities and suspicious activities, even those never seen before. In addition, their IoT security runs continuously, automates Zero Trust security and is deployed on a highly scalable cloud architecture. Other features that industry leaders have as part of their IoT security solution include:

* Ability to discover all IoT devices on the network---known and unknown
* Compliance assessment capabilities
* Device behavior analyzes to establish baselines and detect anomalous activity
* Protection against known, unknown, and zero-day threats
* Prescriptive least-privileged access policy recommendations and enforcement capabilities
* Easy integration with other security and IT systems

### **Reap the Benefits of Connected Devices without the Risk**

Organizations across different industries have realized increased productivity, efficiency and revenue by using IoT devices. Taking time to understand IoT security, the challenges and solutions employed by industry leaders, allows organizations to reap the benefits of connected devices while mitigating risks.

Learn what you can do to secure IoT devices on your enterprise networks. Read the [2023 Benchmark on IoT Security Report](https://start.paloaltonetworks.com/2023-benchmark-report-on-iot-security) to gain actionable insights into how to close gaps and take a proactive approach to IoT security.

*** ** * ** ***

## Related Blogs

### [Data Security](https://www.paloaltonetworks.com/blog/network-security/category/data-security/?ts=markdown), [IoT Security](https://www.paloaltonetworks.com/blog/network-security/category/iot-security/?ts=markdown), [Network Perimeter](https://www.paloaltonetworks.com/blog/network-security/category/network-perimeter/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Zero Trust Security](https://www.paloaltonetworks.com/blog/network-security/category/zero-trust-security/?ts=markdown)

[#### Improving Phishing Detection, DNS and Industrial OT Security: The Always Innovating Series](https://www2.paloaltonetworks.com/blog/network-security/always-innovating-network-security-platform/)

### [5G Security](https://www.paloaltonetworks.com/blog/network-security/category/5g-security/?ts=markdown), [IoT Security](https://www.paloaltonetworks.com/blog/network-security/category/iot-security/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown), [Zero Trust Security](https://www.paloaltonetworks.com/blog/network-security/category/zero-trust-security/?ts=markdown)

[#### Protecting OT Assets, Networks and Remote Operations with Zero Trust OT Security](https://www2.paloaltonetworks.com/blog/network-security/protecting-ot-assets-zero-trust-ot-security/)

### [5G Security](https://www.paloaltonetworks.com/blog/network-security/category/5g-security/?ts=markdown), [IoT Security](https://www.paloaltonetworks.com/blog/network-security/category/iot-security/?ts=markdown), [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown)

[#### Converged Secure Connectivity For Critical Private Infrastructure](https://www2.paloaltonetworks.com/blog/network-security/converged-secure-connectivity-for-critical-private-infrastructure/)

### [IoT Security](https://www.paloaltonetworks.com/blog/network-security/category/iot-security/?ts=markdown), [Reports](https://www.paloaltonetworks.com/blog/category/reports/?ts=markdown)

[#### 2025 Report Exposes Widespread Device Security Risks](https://www2.paloaltonetworks.com/blog/network-security/2025-report-exposes-widespread-device-security-risks/)

### [IoT Security](https://www.paloaltonetworks.com/blog/network-security/category/iot-security/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### The Modern Firewall for the Enterprise of Connected Devices](https://www2.paloaltonetworks.com/blog/network-security/the-modern-firewall-for-the-enterprise-of-connected-devices/)

### [5G Security](https://www.paloaltonetworks.com/blog/network-security/category/5g-security/?ts=markdown), [Firewall](https://www.paloaltonetworks.com/blog/category/firewall/?ts=markdown), [IoT Security](https://www.paloaltonetworks.com/blog/network-security/category/iot-security/?ts=markdown)

[#### Protecting the Utility Grid's Digital Ecosystem, from Core to Edge to AI](https://www2.paloaltonetworks.com/blog/network-security/protecting-the-utility-grid-digital-ecosystem-from-core-to-edge-to-ai/)

### Subscribe to Network Security Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language